[kwlug-disc] OT? Running Wifi hotspots sanely

John Kerr jkerr0102 at rogers.com
Tue Mar 23 17:00:29 EDT 2010


Hi
It was written:
"I actually have been reading about "voucher" systems, which will give
unique time-limited logins for each user. They do not exist for the
current version of pfSense (whose Captive Portal functionality is not
that good, as it turns out). I think in the future we may move in that
direction." 

As it came to pass I write:

In order to KYAC in case a user does something you do not want a police 
call about, you probably will want a user to do some form of registration.

Robarts Library at U of T has all of the computer terminals locked down.
Unless you have a U of T card, you do not get on. A limited number of Internet
access computers are available after you swipe a U of T Alumni card or your 
driver's license in a reader that prints out a login and password for you. 


Starbucks has us register with Bell. I think that registration will be the norm
in the near future for any wireless access (is it just a test case away?) and you 
are not being paranoid for searching for a security solution.
I think that a Linux box for a gateway should be able to do this very easily.

Could a Drupal site work as a gateway? Register with your e-mail address, 
access information is sent to your email address, go to your webmail on a special 
"2 minutes and you're off" computer to get your login and password.


Best regards,

John


________________________________
From: Paul Nijjar <paul_nijjar at yahoo.ca>
To: KWLUG discussion <kwlug-disc at kwlug.org>
Sent: Tue, March 23, 2010 3:29:21 PM
Subject: Re: [kwlug-disc] OT? Running Wifi hotspots sanely

On Tue, Mar 23, 2010 at 08:36:29AM -0400, Myles Braithwaite wrote:

> On Monday, March 22, 2010, Paul Nijjar <paul_nijjar at yahoo.ca> wrote:
> > - Do I want to have any kind of encryption (WPA/WPA2) on the wireless
> >   routers? Or should I be leaving the access unencrypted and have the
> >   portal page do all the authentication?
> 
> It comes down to if you want your network encrypted or not. If any of
> your users are going to use services that don't have https it might be
> a good idea.

I kind of would like to have encryption, but that adds another layer
of hassle to the people using the network and the people who are
helping them (who are not me). 

> If you are scared of someone downloading things they shouldn't, having
> a unique username might be a decent legal defence.

I don't think that will work well in a coffee-shop-type environment,
no? 

I actually have been reading about "voucher" systems, which will give
unique time-limited logins for each user. They do not exist for the
current version of pfSense (whose Captive Portal functionality is not
that good, as it turns out). I think in the future we may move in that
direction. 

> > - Because I am a terrible paranoid person, so far I am only allowing
> >   traffic out on DNS and HTTP/HTTPS ports (which I understand may not
> >   be DNS/HTTP/HTTPS traffic exclusively). Is this standard practice? Do
> >   public access locations generally permit traffic more liberally?
> 
> Yes that is common but I don't like it.

I don't like it either. I get frustrated when trying to check my mail
from the public library, because I can't use SSH with PuTTY. 

What other services are sometimes offered? 

- Paul

-- 
http://pnijjar.freeshell.org

